Volunteer CISOs Help Small BusinessesMaryland Program Offers Free Advice on Security Issues
A new program in Howard County, Md., is offering small and midsize businesses the opportunity to work with area chief information security officers who are volunteering to offer free advice on a variety of security issues to help mitigate cyber-attack risks.
Area CISOs will be available to answer questions about such issues as regulatory compliance and new security technologies.
"We recognized organizations of all sizes have security and privacy issues," says Jason Taule, CISO at FEI Systems, and a board member for the Howard Tech Council, a membership organization that brings together local technology companies. "[But] many of them don't have the financial wherewithal to maintain a CIO, CISO or CPO."
The new program addresses that gap in smaller organizations, says Julie Lenzer Kirk, executive director of the Maryland Center for Entrepreneurship. To participate, organizations must be members of the Howard Tech Council.
The center serves as an incubator to aid companies in working together, Kirk says, and the CISO-in-residence program is the next step in that effort.
"For the incubator, we [already] have CPAs and investors in residence," Kirk says. "This is an innovative [program] because it's something different that small businesses don't always know they need."
Filling the Security Gap
The new CISO-in-residence program will enable smaller businesses to utilize the knowledge and expertise of a CISO as if they were a full-time employee, says Taule, who is a volunteer for the program.
"Small organizations may not understand all issues of risk," he says. "They're much more susceptible to risk and may be fragile."
Security experts who are interested in participating in the program must be serving in the capacity of a CIO, CISO or CPO, or have recently worked in such a role, and have one of the major security certifications, Taule says.
The CISOs will collaborate with companies to identify the security and privacy gaps that exist in their businesses. Responsibilities include raising awareness of current issues and providing services and guidance, Taule says.
"It's anything they'd do for a company full time," Taule says, "at any stage of the business cycle."
At first, CISOs and companies will engage with one another through e-mail, he says. Eventually, organizers hope to establish an online web portal where individuals can find the appropriate security professional to match their needs.
Participating companies assume full responsibility for all business decisions made with or without the guidance of an in-residence CISO, Taule says. The volunteer CISOs enter into an agreement with the Howard Tech Council, and the interactions between the CISOs and the companies they advise will be monitored by council leadership, he adds.
Another long-term goal is to establish a knowledge base where companies can go and search for online content that answers their questions.
The program will also function as an economic development engine, connecting members who need additional levels of support with cybersecurity companies in the local market, Kirk says.
Participating in this program is a way to give back to the local community, Taule says. "Most professionals should have some sense of community and a desire to give back. I would call desire something more than just a 9-to-5 gig."
Kirk adds: "This is a new model of business community-building. It's bringing this really important issue [of privacy and security] and making it accessible to people that maybe can't afford it."